Q&A: HIPAA-compliant fundraising

RSS

Q: A large specialty medical group with a nonprofit research foundation allows the foundation to use its patient database for annual giving campaign mailing. Does this practice violate HIPAA?

A: This is acceptable provided that the medical group informs individuals about this use of their information in their notice of privacy practices and gives them the opportunity to opt out if they do not wish to receive further fundraising communication. In addition, note that covered entities may only use patients’ basic demographic data for fundraising purposes; they may not use any type of clinical information for targeted fundraising.

Editor’s note: Mary Brandt, president of Brandt & Associates, Inc., a healthcare consulting firm in Bellaire, TX answered this question in the January issue of Briefings on HIPAA.

Full Story

Health data losses: Don’t blame hackers

While patients and doctors often worry about medical records being hacked by cybercriminals and Internet snoops, the most common cause of health data breaches is physical theft of computing gear, according...

MGH to Pay $1M to Settle 'Potential' HIPAA Violation

Massachusetts General Hospital has agreed to pay $1 million to settle allegations it violated patient privacy laws when a hospital employee lost protected patient medical information on a Boston subway...

OIG to monitor Medicare, Medicaid IT upgrades, incentives

As the Centers for Medicare and Medicaid Services prepares to upgrade its computer systems and begins to award incentive payments to eligible meaningful users of electronic health records, the Office of the...

Handbook: HIPAA Handbook for Executive, Administrative and Corporate Staff

Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand their roles and responsibilities in protecting patient privacy and...

go to complete list